Cyber Security Assurance Analyst

The IT Security Department at Saga is recruiting. We are keen to appoint a Cyber Security Assurance Analyst to join our team to provide Governance oversight and services to deliver Saga’s Cyber Security Strategy and help manage internal and third-party cyber risk. You will also support the management of the Logical Access Management (LAM) of key technology systems to meet full compliance requirements and always protecting customers and our colleagues.

In this role you will play a key part to protecting Saga’s information and technology assets against internal and external cyber threats. You will support the delivery and maintenance of compliance requirements while implementing the Cyber Security Strategy.

We work in a hybrid way at Saga both at home and in the office. When you do come into the office, it’ll be with a real purpose in mind – to meet with your team, to work together, and of course to socialise and celebrate too! The Information Security team meet in person every month in Ashford, Kent.

Role Responsibility

• Support the execution of the Cyber Strategic Plan while continuously seeking innovative methods to enhance the cyber security function, reduce risk across the organisation, and improve customer and colleague experiences.
• Oversee and manage cyber security governance controls in line with Saga’s Cyber Assurance Framework, including tracking performance through KPIs and SLAs, supporting vulnerability management activities and providing relevant management information as needed.
• Assist with compliance activities such as policy and process assessments/improvements, ISO27001 and PCI-DSS re-certifications and audits.
• Implement and ensure the efficiency of internal and third-party cyber risk mitigation controls to align with risk appetites. Utilising internal reviews and third-party risk management systems and processes to ensure third parties meet Saga security standards.
• Stay updated on the external cyber threat landscape through participation in internal/external events and obtaining certifications and share best practices with colleagues.
• Manage the technology access review process, coordinating with technology teams, broader business functions, and audit teams to ensure proper system access management and review.
• Assist and support the incident management processes, including handling incidents, performing root cause analysis, documenting lessons learned, creating and ongoing reviews of playbooks.
• Offer cyber consultancy services to support business initiatives, ensuring compliance and risk appetite requirements are met.
• Adhere to our Governance and Business Code of Conduct, consistently acting with integrity and due diligence.

The Ideal Candidate

You will already have a strong understanding of compliance and regulations for cyber risks to businesses, especially those that operate in heavily regulated markets such as insurance and financial products. You will have worked in an auditing and monitoring role and also demonstrate the following skills:

• Have a good understanding of risk management approaches and the application of Cyber risk management controls.
• Demonstrate good written and verbal communications skills.
• A broad understanding of FCA, GDPR, IMO, and PCI compliance requirements.
• Knowledge and understanding of cyber-attack techniques and vulnerability testing frameworks.
• Have experience in incident response and management.
• Experience in undertaking Risk assessments, control testing and reporting in a regulated environment.
• Proven stakeholder management experience, has worked in a large business model.
• Can demonstrate previous experience in the planning, leading and delivering of audits and compliance activities.

Package Description

Everyday our colleagues deliver exceptional experiences to our customers. We believe exceptional work deserves even more exceptional rewards, that's why we have put together an amazing benefits package for all colleagues.

BENEFITS AVAILABLE TO ALL COLLEAGUES:

• 25 days holiday + bank holidays
• Option to purchase additional leave up to 5 extra days
• Pension scheme matched up to 10%
• Company performance related annual bonus - Up to 5%
• Colleague discounts including family discounts on cruises and holidays
• Range of reductions and offers from leading retailers, travel groups and entertainment companies
• Enhanced maternity and paternity leave
• Grandparents leave
• Income protection
• Access to Saga Academy, our bespoke learning platform

About the Company

Over the past 70 years we have become the UK's specialist provider of products and services to people aged over 50 in the UK. The Saga brand has become one of the most recognised and trusted brands amongst UK consumers in this demographic, recognised for its high-quality products and exceptional standards of service. These include cruises and holidays, insurance, personal finance and the Saga Magazine.

We are a dynamic and forward-looking business with a clear, single-minded purpose; to create exceptional experiences every day whilst being a driver for positive change in our markets and communities. Our focus on exceptional experiences empowers our colleagues to create moments that are simple, personal and special for our customers and for each other. Our values underpin our approach and help guide us to deliver our purpose.

At Saga we are committed to treating all employees fairly and to offering equal opportunities in all aspects of employment and advancement. We value diversity not just because it is the right thing to do, but because diverse teams perform better.

We’re passionate about diversity, equity, and inclusion. Championing diversity is important to us, and diverse teams really are the best ones. We’re dedicated to creating a culture where every colleague feels like they belong. So that at Saga, more than anywhere else, you can be your best, be yourself and make a difference.